Here are 9 misconceptions about GDPR

Small businesses are exempt. US-only companies are not at risk. ‘Legitimate interest’ allows marketing without consent. And other myths.

The upcoming General Data Protection Regulation (GDPR) is confusing enough without being weighed down by misconceptions.

So, here is a list of the top misconceptions about GDPR, according to two experts: Gary Southwell, VP/general manager of the cybersecurity division of security firm CSPi, and Kristina Podman, a digital policy consultant (who also consults for us, Third Door Media).

Misconception #1: ‘Legitimate interest’ allows marketing uses of personal data without user consent.

While there is a “legitimate interest” exception in GDPR, it is always weighed against personal data rights. Podman said a company could, for instance, utilize data without consent under legitimate interest if it were under court order to do so, or if the data were needed to protect some vital interest like human rights, or if I needed your Social Security number after you’d already agreed to buy a car. But otherwise, consent is needed, and it’s not enough that a user has agreed to receive marketing info.

About The Author

Barry Levine covers marketing technology for Third Door Media. Previously, he covered this space as a Senior Writer for VentureBeat, and he has written about these and other tech subjects for such publications as CMSWire and NewsFactor. He founded and led the web site/unit at PBS station Thirteen/WNET; worked as an online Senior Producer/writer for Viacom; created a successful interactive game, PLAY IT BY EAR: The First CD Game; founded and led an independent film showcase, CENTER SCREEN, based at Harvard and M.I.T.; and served over five years as a consultant to the M.I.T. Media Lab. You can find him at LinkedIn, and on Twitter at xBarryLevine.